NodeJS MySQL apostrophe reduplication with INSERT query

I’m doing my project Nodejs and MySQL and I have some problem with query with apostrophe. I got all of the data from github api and it normally works fine. but If data have single apostrophe(‘), it will get Syntax Error.

And the Error is like this.

ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's computer engineering classes.', '2017-08-28T04:05:02Z', '2018-10-21T12:04:50Z'' at line 1

​x
 
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's computer engineering classes.', '2017-08-28T04:05:02Z', '2018-10-21T12:04:50Z'' at line 1​

At first, I was thinking about using regular expressions to get rid of all ‘ but this is not a good way to correct the original data itself.

I search the solutions in google but it’s really hard to find with this problem. Is there any google idea or solutions?

  // // User Repository Information API Process
  request(repositoryOptions, function (error, response, data) {
    if (error) {
      throw error;
    }
    let result = JSON.parse(data);

    for (i = 0; i < result.length; i++) {
      // console.log(result[i]);

      let sid = shortid.generate();
      let githubid = result[i].owner.login;
      let name = result[i].name;
      let githuburl = result[i].html_url;
      let explanation = result[i].description;
      let created_at = result[i].created_at;
      let updated_at = result[i].updated_at;


      let sqlData = `('${sid}', '${githubid}', '${name}', '${githuburl}', '${explanation}', '${created_at}', '${updated_at}')`;
      console.log(sqlData);

      let sql = `INSERT INTO Personal_Data (id, githubid, name, githuburl, explanation, pjdate1, pjdate2) VALUES ${sqlData}`;
      db.query(sql);
    }
  })

 
  // // User Repository Information API Process  request(repositoryOptions, function (error, response, data) {    if (error) {      throw error;    }    let result = JSON.parse(data);​    for (i = 0; i < result.length; i++) {      // console.log(result[i]);​      let sid = shortid.generate();      let githubid = result[i].owner.login;      let name = result[i].name;      let githuburl = result[i].html_url;      let explanation = result[i].description;      let created_at = result[i].created_at;      let updated_at = result[i].updated_at;​​      let sqlData = `('${sid}', '${githubid}', '${name}', '${githuburl}', '${explanation}', '${created_at}', '${updated_at}')`;      console.log(sqlData);​      let sql = `INSERT INTO Personal_Data (id, githubid, name, githuburl, explanation, pjdate1, pjdate2) VALUES ${sqlData}`;      db.query(sql);    }  })​

Answer

I solved the problem myself. @scetiner helps me about the keyword.

I create array and put it all variables. and because of the SQL Injection attack, I have to add placeholders(I’m not sure what is called. it’s look like ?,?,?,?,?)

Anyway Here’s my code that I modified.

request(repositoryOptions, function (error, response, data) {
    if (error) {
      throw error;
    }
    let result = JSON.parse(data);

    for (i = 0; i < result.length; i++) {
      // console.log(result[i]);

      let sid = shortid.generate();
      let githubid = result[i].owner.login;
      let name = result[i].name;
      let githuburl = result[i].html_url;
      let explanation = result[i].description;
      let created_at = result[i].created_at;
      let updated_at = result[i].updated_at;
      let sqlData = [sid, githubid, name, githuburl, explanation, created_at, updated_at];

      console.log(sqlData);

      let sql = `INSERT INTO Personal_Data (id, githubid, name, githuburl, explanation, pjdate1, pjdate2) VALUES (?,?,?,?,?,?,?)`;
      db.query(sql, sqlData);
    }

 
request(repositoryOptions, function (error, response, data) {    if (error) {      throw error;    }    let result = JSON.parse(data);​    for (i = 0; i < result.length; i++) {      // console.log(result[i]);​      let sid = shortid.generate();      let githubid = result[i].owner.login;      let name = result[i].name;      let githuburl = result[i].html_url;      let explanation = result[i].description;      let created_at = result[i].created_at;      let updated_at = result[i].updated_at;      let sqlData = [sid, githubid, name, githuburl, explanation, created_at, updated_at];​      console.log(sqlData);​      let sql = `INSERT INTO Personal_Data (id, githubid, name, githuburl, explanation, pjdate1, pjdate2) VALUES (?,?,?,?,?,?,?)`;      db.query(sql, sqlData);    }​

and then it works fine like this

: Console

[ 'FUuBdByBV',
  'sangumee',
  'Blueinno2',
  'https://github.com/sangumee/Blueinno2',
  'This repository uses BlueInno 2 and shares the source code written.',
  '2018-06-11T04:08:17Z',
  '2018-12-04T07:48:08Z' ]
[ 'HiRsc7IjNc',
  'sangumee',
  'CSS-Grid',
  'https://github.com/sangumee/CSS-Grid',
  'CSS Grid Study',
  '2018-07-13T07:49:57Z',
  '2018-07-19T05:17:14Z' ]

 
[ 'FUuBdByBV',  'sangumee',  'Blueinno2',  'https://github.com/sangumee/Blueinno2',  'This repository uses BlueInno 2 and shares the source code written.',  '2018-06-11T04:08:17Z',  '2018-12-04T07:48:08Z' ][ 'HiRsc7IjNc',  'sangumee',  'CSS-Grid',  'https://github.com/sangumee/CSS-Grid',  'CSS Grid Study',  '2018-07-13T07:49:57Z',  '2018-07-19T05:17:14Z' ]​

Advertisement

Answer